General

  • Target: Payment advice.zip
  • Size: 798KB
  • Sample: 210727-rpep1vmtfn
  • MD5: 42d298d715fddb3446df1d088a58ce54
  • SHA1: 9e7ed7427dfebea85df2e9929ca5cf8875edba7e
  • SHA256: 2e97b44ed1f81f82a8f4cabbb3745d8dfad093b214d18059b860d545af8ec976
  • SHA512: 6e693412f991304e0f430481c2c8a6b2427335f10ea62f857d83fc9b626b1e405e4df3fbb41aa461ff6bc2c84891036c2355bafeb29a1695dd1cfd2936d6a84d

Malware Config

Extracted

  • Family: formbook
  • Version: 4.1
  • C2: http://www.yjhlgg.com/grve/
  • Decoy


Targets

    • Target: Payment advice.exe
    • Size: 1.6MB
    • MD5: 82816953c8ab81cab088fe61e1d64789
    • SHA1: 36191f22e133db1ee5bb747e47098d039366e0a4
    • SHA256: 955a1caeb560cf3f1db7d818eb00b8dd0a661c53b499460a55454d686f7481d1
    • SHA512: a13a11ee08c715fab51897bd2410b83bf25d4fa8e7546c179c1b8bd00fd211eb423dcd2092a3d56224a8bdc0c50c610a95f0328341fbead1f6ca18ada2d3b8d8

    • Formbook

      Formbook is a data-stealing malware family.

    • suricata: ET MALWARE FormBook CnC Checkin (GET)
    • Formbook Payload
    • Deletes itself
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks